Nameserver hostname passed to dnszone_add command was always treated
as FQDN even though it was a relative DNS name to the new zone. All
relative names were being rejected as unresolvable.

Modify --name-server option processing in dnszone_add and dnszone_mod
to respect FQDN/relative DNS name and do the checks accordingly. With
this change, user can add a new zone "example.com" and let dnszone_add
create NS record "ns" in it, when supplied with its IP address. IP
address check is more strict so that it is not entered when no forward
record is created. Places misusing the option were fixed.
Nameserver option now also accepts zone name, which means that NS and A
records are placed in the DNS zone itself. Also "@" is accepted as a nameserver
name, BIND understands it also as a zone name. As a side-effect of this
change, other records with hostname part (MX, KX, NS, SRV) accept "@"
as valid hostname. BIND replaces it with respective zone name as well.
Unit tests were updated to test the new format.
https://fedorahosted.org/freeipa/ticket/3204
---
With this change, use cases like the following should now work as expected:
# ipa dnszone-add example.com --name-server ns --ip-address 10.0.0.1
# ipa dnszone-add example.com --name-server ns.example.com. --ip-address 10.0.0.1
# ipa dnszone-add example.com --name-server ns.other.zone. --ip-address 10.0.0.1
# ipa dnszone-add example.com --name-server example.com. --ip-address 10.0.0.1
# ipa dnszone-add example.com --name-server @ --ip-address 10.0.0.1
Martin
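
The name handling described in the message above, sketched as an added example (not FreeIPA's code and not part of the patch): it maps a --name-server value to an absolute name and reports whether that name lies inside the new zone. The function name resolve_nameserver and the sample list are hypothetical.

```python
def resolve_nameserver(zone, nameserver):
    """Return (absolute_name, in_zone) for a --name-server value.

    Hypothetical helper for illustration; not FreeIPA's implementation.
    A trailing dot marks an absolute name, anything else is relative to
    the zone, and "@" stands for the zone itself (BIND convention).
    """
    zone_abs = zone.rstrip(".").lower() + "."
    is_root = zone_abs == "."
    if nameserver == "@":
        return zone_abs, True
    if not nameserver or nameserver.startswith(".") or ".." in nameserver:
        raise ValueError("empty label in nameserver name: %r" % nameserver)
    name = nameserver.lower()  # DNS names compare case-insensitively
    if not name.endswith("."):
        # Relative name: append the zone origin.
        name = name + "." if is_root else name + "." + zone_abs
    # Match on a label boundary so "ns.notexample.com." is not taken
    # for a member of "example.com.".
    in_zone = is_root or name == zone_abs or name.endswith("." + zone_abs)
    return name, in_zone


# Constructed inputs: the five use cases from the message plus two pitfalls.
SAMPLES = ["ns", "ns.example.com.", "ns.other.zone.", "example.com.", "@",
           "ns.example.com", "ns.notexample.com."]

if __name__ == "__main__":
    for ns in SAMPLES:
        print("%-20s -> %s" % (ns, resolve_nameserver("example.com", ns)))
```

The sixth sample shows why the trailing dot matters: "ns.example.com" without it is relative and expands to "ns.example.com.example.com.".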

Forgot to squash NS check fix. Updated patch attached.

Overall it looks good.
The API needs to be updated.
We had no formal string freeze but do we need to change doc strings now or can
these be deferred (except maybe the examples)?
rob

API updated.
Relaxed check for root zone that Petr Spacek pointed out was removed.
As for the string changes... I think that the only optional change is this one:
@@ -1726,10 +1764,10 @@ class dnszone_add(LDAPCreate):
takes_options = LDAPCreate.takes_options + (
Flag('force',
label=_('Force'),
- doc=_('Force DNS zone creation even if nameserver not in DNS.'),
+ doc=_('Force DNS zone creation even if nameserver is not
resolvable.'),
),
Str('ip_address?', _validate_ipaddr,
- doc=_('Add the nameserver to DNS with this IP address'),
+ doc=_('Add forward record for nameserver located in the created
zone'),
),
)
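Review bot: The new doc string for ip_address ("Add forward record for nameserver located in the created zone") no longer says that the option value is the IP address the record will carry, which the removed text ("with this IP address") did. Consider wording such as "Add forward record with this IP address for a nameserver located in the created zone", so the help text still states both what to pass and when the option applies.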
Other changes are needed to make our processing of domain name clear, like
- error=unicode(_("Nameserver address is not a fully
qualified domain name")))
+ error=_("Nameserver address is not a domain name"))
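Review bot: The added error= line passes the result of _() directly, while the removed line wrapped it in unicode(); please confirm the lazy translation object is handled the same way at this call site, or keep the wrapper for consistency with the surrounding code. The new message "Nameserver address is not a domain name" also no longer hints at which forms are accepted, so a short mention of relative and fully qualified names would help the user correct the input.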
Updated patch attached.
Martin